Notification of security incidents under GDPR, NIS2, DORA

Keywords
Notification ; GDPR ; Security incident ; NIS2 ; DORA ; Cybersecurity ; Personal data protection

Abstract
The obligation to notify security incidents is a basic obligation under GDPR, NIS2 and DORA. These three texts have different scopes of application: GDPR is the basic text on personal data protection, NIS2 establishes cybersecurity measures for essential and important entities, and DORA is a lex specialis of NIS2 that applies to the financial sector. However, there are cases where an entity and a security incident fall under the scope of more than one text. In addition to the scope of application, there is also a semantic connection between the texts, as the purpose of all three is to achieve security. Each text sets different conditions under which there is an obligation to notify security incidents. A common parameter is the existence of a risk to the protected asset. It is of course possible for notifications of the same event to be required under two of these texts, provided that the respective conditions are met. The need to submit separate notifications poses challenges for entities, as each text provides for a different notification schedule and there are also different supervisory authorities. In particular, the cybersecurity texts set very short deadlines for submitting initial notifications, while the possibility of cooperation between supervisory bodies provided for by NIS2 and DORA is seen as a positive element. The purpose of the notifications also differs: in the cybersecurity texts the emphasis is on prevention and timely management of the incident, while GDPR aims to protect individuals. The existence of different frameworks can lead to two or more fines for the same incident. The main challenge for the future remains the cooperation of authorities and the preparation of entities in view of increasing threats.


